Remote cluster support

IBM Spectrum Scale provides a feature to mount IBM Spectrum Scale file systems from one IBM Spectrum Scale cluster (owning cluster) to another IBM Spectrum Scale cluster (accessing cluster). You can configure an IBM Spectrum Scale Container Storage Interface driver to work with a remotely mounted IBM Spectrum Scale.

The cluster that owns the file system is responsible for administering the file system and granting access to other clusters on a per-cluster basis. After access to a file system is granted to nodes in another IBM Spectrum Scale cluster, the nodes can mount the file system and do data operations as if the file systems are locally owned.

For more information on the remote mount setup, see Accessing a remote GPFS file system in the IBM Spectrum Scale: Command and Programming Reference.

Note: Remote mount setup must be done before you configure IBM Spectrum Scale Container Storage Interface driver.

Remote cluster support. — Figure 1. Deployment of two IBM Spectrum Scale clusters with remote-mounted file systems

Primary cluster is IBM Spectrum Scale cluster where Red Hat® OpenShift® or Kubernetes worker nodes coexist with IBM Spectrum Scale client nodes. In this example deployment, cluster A is designated as the primary cluster.

The cluster O is another IBM Spectrum Scale cluster that has two file systems gpfs and fs1. The file system gpfs is mounted on Cluster A as file system mygpfs while file system fs1 is not exposed to Cluster A.

For each IBM Spectrum Scale cluster, cluster entry must be added under the clusters section of the custom resource.


- id: "<cluster id of IBM Spectrum Scale>”
  restApi:
  - guiHost: "< FQDN or IP GUI node of IBM Spectrum Scale cluster>"
  secrets: "<secret name for GUI of IBM Spectrum Scale cluster>"
  secureSslMode: false

One IBM Spectrum Scale cluster must be the primary cluster for IBM Spectrum Scale Container Storage Interface driver deployment. Primary cluster is marked by adding the primary section in the respective cluster entry. In the example described in the figure, deployment Cluster A is the primary cluster. Entry for primary cluster looks as follows:


- id: "<cluster id of IBM Spectrum Scale Cluster which is Primary cluster >”
     primary: 
	 primaryFs: <name of primary filesystem>
     restApi:
     - guiHost: "< FQDN or IP of Primary Spectrum Scale cluster’s GUI node>"
     secrets: "<secret name for GUI of Primary Spectrum Scale cluster >”
     secureSslMode: false

In the example deployment, there are two IBM Spectrum Scale clusters, hence two entries of clusters are added, one for the primary cluster (Cluster A) and another one for cluster O (Owning cluster).

The custom resource configuration slightly changes based on whether the primary file system is locally owned (gpfs0 in the example deployment) or remotely mounted ( mygpfs in the example deployment). The changes are in the primary section of the primary cluster entry.

The custom resource for the example deployment when primaryFS is a locally owned file system (gpfs0) looks as follows:

---
apiVersion: csi.ibm.com/v1
kind: "CSIScaleOperator"
metadata:
  name: "ibm-spectrum-scale-csi"
  namespace: "ibm-spectrum-scale-csi-driver"
  labels:
    app.kubernetes.io/name: ibm-spectrum-scale-csi-operator
    app.kubernetes.io/instance: ibm-spectrum-scale-csi-operator
    app.kubernetes.io/managed-by: ibm-spectrum-scale-csi-operator
    release: ibm-spectrum-scale-csi-operator
status: {}
spec:
  scaleHostpath: "/ibm/gpfs0"
  clusters:
    - id: "<cluster id of IBM Spectrum Scale Cluster A>"
      secrets: "guisecretNode1"
      secureSslMode: false
      primary:
        primaryFs: "gpfs0"
      restApi:
        - guiHost: "<FQDN/IP of Node 1>"
    - id: "<cluster id of IBM Spectrum Scale Cluster O>"
      secrets: "guisecretNodeA"
      secureSslMode: false
      restApi:
        - guiHost: "<FQDN/IP of Node A>"
  attacherNodeSelector:
    - key: "scale"
      value: "true"
  provisionerNodeSelector:
    - key: "scale"
      value: "true"
  pluginNodeSelector:
    - key: "scale"
      value: "true"
---

The custom resource, for example, deployment when primaryFs is a remotely mounted file system (mygpfs) looks like this.

---
apiVersion: csi.ibm.com/v1
kind: "CSIScaleOperator"
metadata:
  name: "ibm-spectrum-scale-csi"
  namespace: "ibm-spectrum-scale-csi-driver"
  labels:
    app.kubernetes.io/name: ibm-spectrum-scale-csi-operator
    app.kubernetes.io/instance: ibm-spectrum-scale-csi-operator
    app.kubernetes.io/managed-by: ibm-spectrum-scale-csi-operator
    release: ibm-spectrum-scale-csi-operator
status: {}
spec:
  scaleHostpath: "/ibm/mygpfs"
  clusters:
    - id: "<cluster id of IBM Spectrum Scale Cluster A>"
      secrets: "guisecretNode1"
      secureSslMode: false
      primary:
        primaryFs: "mygpfs"
	remoteCluster: "<cluster id of IBM Spectrum Scale Cluster O (Owning cluster)>"
      restApi:
        - guiHost: "<FQDN/IP of Node 1>"
    - id: "<cluster id of IBM Spectrum Scale Cluster O(owning cluster)>"
      secrets: "guisecretNodeA"
      secureSslMode: false
      restApi:
        - guiHost: "<FQDN/IP of Node A>"
  attacherNodeSelector:
    - key: "scale"
      value: "true"
  provisionerNodeSelector:
    - key: "scale"
      value: "true"
  pluginNodeSelector:
    - key: "scale"
      value: "true"
---

Table 1. Parameter description
Parameter name	Status	Parameter Description
id	Mandatory	Cluster ID of IBM Spectrum Scale cluster. For more information, see mmlscluster in the IBM Spectrum Scale: Command and Programming Reference.
primaryFs	Mandatory if cluster is primary.	Name of the primary file system on the primary cluster.
primaryFset	Optional	Primary fileset name. Fileset of the specified name is created if it does not exist. Default: spectrum-scale-csi-volume-store
remoteCluster	Mandatory if the primary file system (PrimaryFS) is a remotely mounted file system.	Cluster ID of the remote cluster, who is the owner of the file system that is specified against primaryFs.
inodeLimit	Optional	Inode limit for the primary fileset. If not specified, fileset is created with 1 M inodes, which is the IBM Spectrum Scale default value.
cacert	Mandatory if `secureSslMode` is true.	Name of the pre-created CA certificate configmap that is used to connect to the GUI server that is running on the guiHost. For more information, see Certificates.
secrets	Mandatory	Name of the pre-created Secret containing username and password to connect to the GUI running on the guiHost for cluster specified against the id parameter. For more information, see Secrets.
guiHost	Mandatory	FQDN or IP address of the GUI node of IBM Spectrum Scale cluster that is specified against the id parameter.
scaleHostpath	Mandatory	Mount path of the primary the file system (primaryFs) on primary cluster.
imagePullSecrets	Optional	An array of imagePullSecrets to be used for pulling images from a private registry. This is a pass-through option that distributes the imagePullSecrets array to the containers generated by the Operator. For more information on creating imagePullSecrets, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/.

Note:

Owning cluster might have more than one file system and not all file systems need to be remotely mounted on the accessing cluster.
There can be more than one owning cluster that exposes their file systems to the accessing cluster.
Accessing cluster or primary cluster can be compute-only cluster without any of its own file system.
Secrets contain the credentials to connect to the GUI for a specified cluster. For each cluster in the custom resource, there should be a pre-created secret before Operator deployment. For more information, see Secrets. Same secret cannot be used for multiple clusters even if the credentials are same.
Custom resource also contains other parameters that are optional, so those parameters should be added as per your requirement.